Important: follow these steps carefully. If the device contains sensitive data you cannot lose, try to back up contacts, photos, and important files before proceeding (use USB transfer or a cloud backup you trust). If the phone behaves dangerously (e.g., sending messages you didn't authorize, banking access compromised), disconnect it from networks immediately: turn off Wi‑Fi and mobile data, enable Airplane Mode, and remove the SIM if practical.
Method 1 — Restart in Safe Mode (attempt non-destructive removal)
- Why use Safe Mode: Safe Mode prevents third‑party apps (including many rogue APKs) from running. If the malware’s settings app or uninstall option is blocked in normal mode, Safe Mode often lets you uninstall it.
- Save work and note passwords for any apps you will need to log back into.
- Restart into Safe Mode:
- Press and hold the device’s power button until the power menu appears.
- Tap and hold “Power off” (or “Restart”) until a Safe Mode prompt appears.
- Confirm to reboot into Safe Mode. (On some devices: power off, then power on and hold the volume down button while booting.)
- You’ll see “Safe mode” on the screen if successful.
- Uninstall suspicious apps:
- Open Settings → Apps (or Apps & notifications) → See all apps.
- Sort by Installed date or review apps you don’t recognize or that match the time you installed the rogue APK.
- Tap the suspicious app → Uninstall. If Uninstall is disabled, tap Storage → Clear data, then try uninstall again.
- Reboot normally:
- Restart the device to exit Safe Mode.
- Confirm the app is gone and the device is behaving normally.
- Cleanup and check:
- Run Google Play Protect: Play Store → Profile → Play Protect → Scan.
- Change passwords for sensitive accounts (email, banking) from a different, safe device.
- Monitor battery, data use, and unknown SMS messages for a few days.
Method 2 — Factory Reset (destructive; guaranteed removal)
- Why use Factory Reset: A factory reset wipes user data and third‑party apps, returning the device to its original state. Use when Safe Mode/uninstall fails or device is deeply compromised.
- Backup first:
- Manually copy photos, documents, and any files you need to a computer or trusted cloud. Do not back up APKs or unknown apps.
- Export contacts (or ensure they’re synced to your Google account).
- Remove account protections (optional but helpful):
- Remove Google/Facebook accounts (Settings → Accounts). This avoids Factory Reset Protection issues on some devices.
- Perform the factory reset (standard method):
- Settings → System → Reset options → Erase all data (factory reset) → Confirm.
- Enter your PIN/password and confirm. The phone will reboot and erase data.
- If you cannot access settings, use Recovery Mode:
- Power off the device.
- Boot into Recovery Mode (commonly Power + Volume Down or Power + Volume Up; check your device model).
- Use volume keys to select “Wipe data/factory reset” and power button to confirm.
- After reset, choose “Reboot system now.”
- After the reset:
- During initial setup, connect to Wi‑Fi and sign in with your accounts.
- Reinstall apps only from the Google Play Store or other trusted sources.
- Restore personal files from the backup you made (avoid restoring app APKs or unknown files).
- Additional security steps:
- Change passwords for accounts you used on the device.
- Enable Google Play Protect and automatic updates.
- Consider enabling device encryption and a strong lock screen PIN or biometric.
Quick Tip
- If an app blocks removal or system settings, booting into Safe Mode is the fastest non-destructive test; factory reset is the reliable last resort.
Next step suggestion
- After removing the app, do a careful manual review of installed apps and account activity, then run a fresh security scan (Play Protect or a reputable mobile security app). If you suspect your accounts were compromised, change passwords and enable two‑factor authentication from a safe device.
